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Amendments to the Claims; 

This listing of claims will replace all prior versions of claims in tiie application: 
Listing of Claims: 

1 . (Currently Amended) An overlay network for maintaining traffic flow between a client 
and a server during a denial of service attack, comprising; a set of overlay nodes, coupled 
between the client and the server, wherein each overlay node comprises: a ranking module 
configured to rank the overlay nodes based on a performance metric, wherein an overlay node 
with a higher-ranking indicates that tlie overlay node has better performance for transferring 
traffic to the server than overlay nodes with lower-rankings; and a probing module configured to 
probe a portion of the overlay nodes with higher-rankings more frequently than overlay nodes 
with lower-rankings during probing intervals , each overlay node having a performance metric 
comprising an aniount of bandviddth available to reach tlte overlay node from a probing node and 
an amount of bandwidth available between the overlay node and a tai'get node and wherein an 
overlay node having a higher amount of available bandwidth has a higher ranking than another 
overlay node with a lower amount of availa ble band width. 

2. (Original) The overlay network as recited in claim 1, wherein each overlay node further 
comprises a path selection module, configured to dynamically select an overlay node with a 
highest-rankings to be included as part of a pathway for transferring traffic to the server. 

3. (Original) The overlay network as recited in claim 1, further comprising an access node, 
configured to authenticate traffic directed to the server from the client, and fomard authenticated 
traffic to one or more of the overlay nodes. 

4. (Original) The overlay network as recited in claim 1, further comprising one or more 
target nodes, configured to transfer the traffic from one or more of the overlay nodes directly to 
the server, the one or more target nodes having exclusive knowledge of an identity for the server. 

5. (Original) The overlay network as recited in claim 1, wherein each overlay node is 
virtually connected to each other. 
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6. (Currently Amended) The overlay network as recited in claim 1, wherein the 
performance metric includes at least one of: a¥tti lable - k md-wi4th— latency, loss rate, and jitter; 
and wherein an overlay node witli a higher-ranking indicates that the overlay node has better 
performance for transferring traffic to the server than overlay nodes with lower-rankings, the 
better performance including at least one of; »t>re~a¥aikbi04widwidtlvless jitter, lower latency, 
and less packet loss. 

7. (Original) The overlay network as recited in claim 1, wherein the ranlcing module is 
further configured to determine whether the portion of overlay nodes with higher-rankings 
continue to have better perfonnance for transferring traffic to the server than one or more of the 
overlay nodes with lower-ranlcings after a probing interval. 

8. (Original) The overlay network as recited in claim 1, wherein the ranking module is 
configured to demote the rankings of the portion of overlay nodes with higher-rankings to lower- 
rankings if the portion of overlay nodes with higher-rankings have worse performance for 
tiansferring traffic to the server than one or more of tlie overlay nodes with lower-rankings after a 
probing interval. 

9. (Original) The overlay network as recited in claim 1 , wherein the traffic is data. 

10. (Currently Amended) A method for evaluating overlay nodes in a network to mitigate 
against a denial of service attack, the method comprising: ranking the overlay nodes based on a 
performance metric compr ising bandwidth that is available to reach a n overla y node from a 
probing node and bandwidth that is available to reach a ta-get node from the overlay node , 
wherein an overlay node with a higher-ranking indicates that the overlay node has better 
performance for transferring traffic to a target than overlay nodes with lower-rankings; and 
probing a portion of the overlay nodes with higher-rankings more frequently than overlay nodes 
with lower-rankings during probing intervals. 
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1 1 . (Original) The method as recited in claim 1 0, wherein the performance metric includes at 
least one of: available bandwidth, latency, loss rate, and jitter. 

12. (Currently Amended) The method as recited in claim 10, wherein an overlay node with a 
higher-ranking indicates that the overlay node has better performance for transferring traffic to a 
target than overlay nodes with lower-rankings, the better performance including at least one of: 
fflei ^ avail -afel<»%am4wi-dthrless jitter, lower latency, and less packet loss. 

13. (Original) The method as recited in claim 10, wherein the portion of the overlay nodes 
with higher-rankings includes one or more overlay nodes. 

14. (Original) The method as recited in claim 10, wherein the target includes at least one of: 
an overlay node, an overlay node with exclusive access to a host server, and a host server. 

15. (Currently Amended) The method as recited in claim 10, fethei-comprising determining 
whether the portion of overlay nodes with higher-rankings continue to have better performance 
for transferring traffic to a target than one or more of the overlay nodes with lower-rankings after 
a probing interval, 

16. (Currently Amended) The method as recited in claim 10, fw-tii<jiH;omprising deteraiining 
whether the portion of overlay nodes with higher-rankings continue to have better performance 
for transferring traffic to a target than one or more of the overlay nodes with lower-rankings after 
a probing interval; and demoting the rankings of the portion of overlay nodes with higher- 
rankings to lower-rankings if the portion of overlay nodes with higher-rankings have worse 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings. 
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17. (Currently Amended) The method as recited in claim 10, fell^ei-comprising determining 
whether the portion of overlay nodes with higher-rankings continue to have better performance 
for transfeiTing traffic to a target than one or more of the overlay nodes with lower-rankings after 
a probing interval; and promoting the rankings of one or more of the overlay nodes with lower- 
rankings to higher-rankings, if the portion of overlay nodes with higher-rankings have worse 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings. 

18. (Currently Amended) The method as recited in claim 10, -fei4heiH;omprising selecting the 
portion of the overlay nodes with higher-rankings to be included as part of a pathway for 
transfeiTing traffic to a target. 

19. (Currently Amended) One or more computer-readable media comprising computer 
executable instructions that, when executed, direct a computer to: evaluate overlay nodes in an 
overlay network; rank the overlay nodes based on a performance metric comprising bandwidth 
that is available to reach an overlay n ode from a probin g node and bandwidth that is available to 
reach a target node from the overlay node , wherein an overlay node with a higher-ranking 
indicates that the overlay node has better performance for transferring traffic to a target than 
overlay nodes with lower-rankings; and probe a portion of the overlay nodes with higher- 
rankings more frequently than overlay nodes with lower-rankings during probing intei-vals. 

20. (Original) One or more computer-readable media as recited in claim 19, fuither 
comprising computer executable instructions that, when executed, direct the computer to: 
determine whether the portion of overlay nodes with higher-rankings continue to have better 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings after a probing interval. 
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21. (Original) One or more computer-readable media as recited in claim 19, further 
comprising computer executable instructions that, when executed, direct the computer to; 
determine whether the portion of overlay nodes with higher-rankings continue to have better 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings after a probing interval; and demote the rankings of the portion of overlay nodes with 
higher-rankings to lower-rankings if the portion of overlay nodes with higher-rankings have 
worse performance for transferring traffic to a target than one or more of the overlay nodes with 
lower-rankings. 

22. (Currently Amended) In a network comprising overlay nodes interspersed between a 
server and client, a system for mitigating against a denial of service attack, the system 
comprising: at least one overlay node; means for probing overlay nodes in the network during a 
probing interval to determine connectivity levels of each overlay node; the at least one overlay 
node comprising means for ranking each overlay node wherein an overlay node having a highest- 
ranking has a highest connectivity potential for transferring traffic to the server , the means for 
ranking assigning at least one overlay node with a iirst, highest ranking, at least one other overlay 
node with a second ranking that i s lower than the first ranking and at least one other overlay node 
with a third ranking that is lower than the second ranking ; means for selecting the overlay node 
with the highest-ranking to be included as part of a pathway for transferring the traffic to the 
server; and means for probing a portion of the oveday nodes with higher-rankings more 
frequently than other overlay nodes during subsequent probing intervals , the means for probing 
usi ng a first timing for probing an overlay node having the first ranking witli a first interval 
between p r obes, the means for probing using a second timing for probing an overlay node having 
the second ranking with a second interval between probes, the second interval being longer than 
the first interval and the means for probing using a third timing probintz an overiay node having 
the third ranking with a third interval between j^robes. the tliird interval being longer than the 
second interval . 
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23. (Currently Amended) An overlay network to mitigate a Denial of Service attack, 
comprising: access nodes configured to authenticate traffic directed to a server from a client; 
target nodes configured to transfer the traffic previously authenticated by the access nodes to the 
server; and overlay nodes, coupled between the access nodes and the target nodes, configured to 
route the traffic from the access nodes to the target nodes by selecting a best end-to-end path 
between the client and the server based in accordance with at least one performance metric^ 
wherein each overlay node comprises: a ranking module configured to rank the overlay nodes 
based on the performance metric, wherein an overlay node with a higher-ranking indicates that 
the overlay node has better performance for transferring traffic to one of the target nodes than 
pycrlay nodes wi th lower-rankings; and a probing module configured to probe a portion of the 
overlay nodes with higher-rankin gs more frequently than overlay no des with lower-rankin<j;s 
during, probing intervals, the ranking module ranking a first overlay node with a i'lrst ranking, a 
second, different overlay node with a second, lower ranking and a third, different overlay node 
with a third ranking that is lower than the second ranking, the probing module probing the fu-st 
over la y node more often than probing the second overlay node a nd probin g the second overlay 
node more often than probing the third overlay node . 

24. (Original) The overlay network as recited in claim 23, wherein each overlay node is 
configured to dynamically select, a best target node for accessing the server and a best path to 
reach that target node. 

25. (Original) The overlay network as recited in claim 24, wherein the best path is selected 
via a best next hop measured in terms of the at least one perfonnance metric. 

26. (Cancelled) 
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27. (Currently Amended) In an overlay network, a node for maintaining traffic flow between 
a client and a server during a denial of service attack, the node comprising: a ranking module 
configured to rank overlay nodes coupled between the client and the server based on a 
performance metric, wherein overlay nodes with a higher-ranking indicates that the overlay 
nodes have better performance for transferring traffic to the server than overlay nodes with 
lower-rankings; and a probing module configured to probe a portion of the overlay nodes with 
higher-rankings more frequently than overlay nodes witli lower-rankings during probing 
intervals , the ranking module ranking a first overlay node with a first ranking, a second, different 
pyerlay node with a second, lower ran king and a third, d if fe rent overlay node with a third ranking 
that is lo wer than the second ranking, the probing module probing the first overlay node more 
often than the second overlay node and probing the second overlay node more often than the 
third overlay node . 



